We are using a Squid caching server for our corporate purposes. The details are as follows.

OS: RedHat Linux 6.2
WCCP: Version 1
Router: Cisco 7206
Squid: squid 2.3

Our caching server has been working fine for the past 15 days. Now we have found a problem. If anyone from the internal segments generates a virus, it directly hits the cache, even though we put the ACLs in the squid.conf file. Our configuration is as follows.

acl nimda1 url_regex root.exe
acl nimda2 url_regex command.exe
acl nimda3 url_regex readme.exe
acl nimda4 url_regex readme.eml
acl all src 0.0.0.0/0.0.0.0
acl officelan src 192.168.129.3/255.255.255.255

http_access allow officelan
http_access deny nimda1
http_access deny nimda2
http_access deny nimda3
http_access deny nimda4
http_access deny all

Because our corporate proxy IP is 192.168.129.3, we want to accept requests only from that particular IP (for security reasons). But if any system in the same network (192.168.129.0/24) has a virus, it simply hits the caching server and the performance is badly degraded. No other users are able to browse.

Also, I have put an ipchains rule on the Linux box. My ipchains rule is as follows